[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OT] Why kill a private key publicly?



On 07/13/2016 10:49 AM, Georgi Guninski wrote:
> On Wed, Jul 13, 2016 at 01:04:59AM -0600, Mirimir wrote:
>> OK, let's see if you can spoof my email address, and produce a signed
>> message with a valid signature :)
>>
> 
> Spoofing your email detectably is trivial, e.g. with netcat by hand.

For sure.

> If I could sign in your name, why kill your private key publicly,
> scaring gpg lusers? Wouldn't it be better for me to profit from your
> private key?

For lulz :)

And anyway, Mirimir has nothing worth stealing except reputation.

> IMHO for the majority of lusers, getting their private key is not
> related to crypto, more to apps sploits.

True. Not so trivial, though.

> lol, just trolling ;)

:)

> @juan: denying you wrote something signed is possible too. just revoke
> the key, claiming hax0r attack. for plausibility you can leak the
> private signing key (assuming it is worthless as it should be on ML).

:)